Privacy Policy

Our privacy policy

Basic information and scope of application

We at Impact Hub Berlin GmbH collect, process and use personal data only in compliance with existing data protection regulations. The legal framework for data protection is provided by the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The protection of your personal data is important to us. In the following, you will learn which personal data may arise from which of your activities on our homepage or through the use of our services and how you retain control over your data.

1.1 We work according to the principle of data minimisation

We collect, process and use data in accordance with the principle of data minimization. The information of personal data within our forms for general contact, reservation inquiries, room reservation or application for a membership is limited exclusively to the purpose-related extent. We store personal data in accordance with the principles of data minimization only as long as it is necessary or legally prescribed. If the purpose ceases to apply and there is no storage obligation, we will delete the data immediately after the purpose has expired. If there is a retention obligation, we block your data for the duration of the statutory retention period and delete the data after the expiry of the retention period. Further transmission of the data will only take place if it is legally permissible or if you have expressly agreed to the transmission.

We are responsible in the sense of the General Data Protection Regulation (GDPR) and the Federal Law for Data Protection (BDSG) as well as other data protection-juridical regulations for our website and the data processing connected with it to designate. Comprehensive information about our company can be found in the imprint.

Information of Controler

Impact Hub Berlin GmbH
Friedrichstraße 246
10969 Berlin
E-Mail: info@impacthub.berlin
Web: http://berlin.impacthub.net
Tel.: +49 30 259 257 25

Information of the data protection officer

GFAD Datenschutz GmbH

Datenschutzbeauftragter

Huttenstraße 34/35

10553 Berlin

Tel.: +49 (0)30 269 111-1

E-Mail: datenschutz@gfad.de

  1. Data Processing on our website

2.1 Data Security on our website

For the security of our website we use an SSL certificate with a 256 bit key, version TLS 1.2. A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the green address bar and/or the lock. By clicking on the lock or the green address bar you can read our online proof of identity. By encrypting the transmission, you can assume that the data you have entered can only be read by us. You can see from the green address bar that you are connected to our server via a secure connection and that it is not a third-party site.

2.2 Provision of the Website and Log Files

Each time our website is accessed, our system, i.e. the web server, automatically collects information from the system of the user’s computer or terminal device when our website is accessed.

The following data is collected by us:

Information about the browser type and the version used
The Internet service provider of the user
The IP address of the user
The operating system of the user’s terminal device
Date and time of access
The previous website from which the user accesses our website

The legal basis for the temporary storage of this data and the log files is our legitimate interest in ensuring a functioning website as the responsible website operator pursuant to Art. 6 Para. 1 lit. f. GDPR.

The temporary storage of the user’s IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must inevitably remain stored for the duration of the session. The above data is stored in the log files to ensure the functionality of our website. This data is also used to optimize the website and to guarantee the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data will be deleted as soon as they are no longer required for the achievement of the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storing the data in log files, this is the case after 7 days at the latest. In this case the IP address of the user is deleted or alienated by us, so that an assignment of the calling client is no longer possible and the data contained no longer have any personal reference. A storage going beyond this is possible, if there are indications for an illegal use of our offer.

2.3 Cookies

This website uses so-called cookies. These are text files that are stored on your computer by the server. They contain information about the browser, the IP address, the operating system and the Internet connection. We do not pass this data on to third parties or link it to personal data without their consent. Cookies fullfil two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or start programs.

Users have the possibility to access our website without cookies. To do this, the corresponding settings must be changed in the browser. Please inform yourself about the help function of your browser how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit user comfort. The pages http://www.aboutads.info/choices/ (USA) and http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage online ad cookies.

We also use cookies to identify you for subsequent visits. The legal basis for the use of cookies is our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR, to make our website user-friendly. This website uses the following types of cookies, the scope and function of which are explained below:

Transient Cookies

These cookies are automatically deleted when you close your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.

Persistent Cookies

These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

Prevention of cookies

You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website.

Recipients of data or categories of recipients

Within Impact Hub Berlin, those offices that need your data to fulfil their contractual and legal obligations will have access to it.

External service providers (contract processors)

Your data will be passed on to service partners, e.g. IT and software service providers for support and maintenance work, as part of the support of our website in order to support us in providing our services. The website is hosted by a provider as an order processor according to Art. 28 GDPR.

Processing of your personal data by commissioned service providers may take place within the framework of order processing pursuant to Art. 28 GDPR.
Change Cookies Setting

2.4 Services and Contents of Third Party Providers

2.4.1 Matomo Analytics

This website is using Matomo 2, an Open Source, self-hosted software for collecting anonymous usage statistics for this website.

The data is used to analyse the behaviour of the website visitors to identify potential pitfalls like not found pages, search engine indexing issues and to find out which contents are the most appreciated. Once the data (number of visitors reaching a not found pages, viewing only one page…) is processed, Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.

Matomo

Matomo is processing the following data:

Cookies
Anonymized IP-address by removing the last 2 bytes (so 198.51.0.0 instead of 198.51.100.54)
Pseudo-anonymized Location of the user (generated from the anonymized IP-address)
Date and time
Title of the page being viewed
URL of the page being viewed
URL of the page that was viewed prior to the current page (if the page allows it)
Screen resolution
Time in local timezone
Files that were clicked and downloaded
Link clicks to an outside domain
Pages generation time
Country, region, city (low resolution based on IP-address
Main Language of the browser
User Agent of the browser
Interactions with forms (but not the content)

Indirect data collection

Server Logs

If you are using this site, the visit is logged by the host of this website ([hosting company]). This log contains your IP-Address which allows you to be identified indirectly via your internet servrive provider. The collection of this data is a legal obligation and required for security. You cannot oppose it and the data is at no time used for other purposes.

The legitimate interests

The processing of personal data is based on legitimate interests.

Processing your personal data such as cookies is helping us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organize the structure of the website better. Our team is benefiting from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better.

Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

Recipient of the data

The personal data received through Matomo are sent to:

us (the owners of berlin.impacthub.net)

Data subject’s rights

As Matomo is processing personal data on legitimate interests, you can exercise the following rights:

Right of access and data portability: you can ask us at any time to access your data.
Right to erasure and rectification: you can ask us at any time to delete all the data we are processing about you.
Right to object and restrict processing: you can object to the tracking of your data by using the following opt-out feature or by enabling DoNotTrack in your browser:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.


Matomo Analytics

License

This privacy policy is based on the privacy policy of the Matomo project 1 and licensed under Creative Commons, so you can modify it and use it yourself.

2.4.2 Social Media Plug-ins

We integrate the following social media services into our websites on the basis of our legitimate interests in the representation of our company on social media as part of our public relations work pursuant to Art. 6 Para. 1 lit. f GDPR Plug-ins: – Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) – Twitter (Operator: Twitter Inc., 795 Folsom St.., Suite 600, San Francisco, CA 94107, USA) – Vimeo (Operator: Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA) – LinkedIn: (Operator: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) These plugins usually collect data from you by default and transmit it to the servers of the respective provider. The plugins also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored and processed. In addition, social plugins set a cookie with a unique identifier when the website in question is accessed. This also enables the providers to create profiles about your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged into the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact extent of the data collected from you by the respective provider. For more detailed information about the scope, type and purpose of data processing and about rights and setting options to protect your privacy, please refer to the data protection information of the respective provider of the social network. These are available at the following addresses:

Facebook: https://www.facebook.com/policy.php
Twitter: https://twitter.com/privacy/
Vimeo: http://vimeo.com/privacy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

2.4.3 Google reCAPTCHA

Google reCAPTCHA is a service from Google LLC that allows website operators to check whether a user on their site is a human or a bot. This is to ensure that no bots interact automatically on the site.

On our website we use reCAPTCHA V2, where the user has to answer a query before sending a request. Google uses this query to check whether the user is a human or a bot. Google uses cookies to process cursor movements and the IP address of the user. During the verification by reCAPTCHA website operators and thus Google collect a number of data of the user. Thus Google collects reCAPTCHA among other things information about the

Page that integrates reCAPTCHA,

IP address of the user,
language set in the browser,
Screen and window resolution,
Time zone and
Installation of browser plugins.

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a person or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is stored by Google.

Data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his web offers from abusive automated spying and from SPAM.

For further information on Google reCAPTCHA and Google’s privacy policy, please refer to the following links: https://www.google.com/policies/privacy/

For the transmission of data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, an adequate EU data protection level exists due to the certification according to the Privacy Shield. Since 22 January 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the data controller responsible for Google services within the EEA and Switzerland.

If you do not want Google to collect, process or use data about you via our website, you can delete or block cookies in your browser settings. Or you can use the following opt-out: https://adssettings.google.com/authenticated. to object.

2.4.4 Registration Member Log-in with Facebook Connect

Instead of registering directly on our website, you can use Facebook Connect to register. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We offer this registration option on the basis of our legitimate interest in a user-friendly registration option pursuant to Art. 6 Para. 1 lit. f GDPR.

If you decide to register with Facebook Connect and click on the “Login with Facebook” / “Connect with Facebook” button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are above all:

Facebook name

Facebook profile and cover picture

Facebook cover picture

E-mail address stored on Facebook

Facebook ID

Facebook friend lists

Facebook Likes (“Gradient-mir” information)

Birthday

sex

country

Language

This data is used to set up, provide and personalize your account.

To do this, facebook uses cookies to confirm your account and to determine when you are logged in so that we can make it easier for you to access Facebook products and provide you with the appropriate experience and features. For more information, see the Facebook Terms of Use and Facebook Privacy Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms.

2.4.5 CRM System from salesforce

We use the CRM system of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, due to our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in order to be able to process user enquiries faster and more efficiently.

salesforce is certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law if data is processed in the USA (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active).

salesforce uses user data only for the technical processing of requests and does not pass them on to third parties. In order to use salesforce, it is necessary to provide at least a correct e-mail address. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).

The use of Zendesk is optional and serves the improvement and acceleration of our customer and user service. If users do not consent to the collection and storage of data by salesforce’s external system, we will provide them with alternative contact options for submitting service requests by email, telephone, fax, or mail.

For more information, please refer to salesforce’s privacy policy: https://www.salesforce.com/de/company/privacy/

2.5 Newsletter

You can subscribe to our newsletter on our website. This is done by entering a valid e-mail address in the “Newsletter” contact form. The indication of the name is voluntary for you and serves only for the personal speech.

You will only receive our newsletter with your unambiguous consent in accordance with Article 6 para. 1 lit a GDPR. To do this, you must reconfirm the e-mail that we sent to the corresponding address following your registration.

In addition to the valid e-mail address and the name you may have provided, the IP address you use to register for the newsletter and the date on which you order the newsletter will also be stored. This data serves us as proof in the event of misuse, if a third party e-mail address is registered for the newsletter. We send newsletters and other e-mails with advertising information (hereinafter “newsletter”) through the dispatch service provider “MailChimp”. “MailChimp” is a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the EU Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection. (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active)

The shipping service provider is appointed on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and a contract processing agreement pursuant to Art. 28 para. 3 sentence 1 GDPR.

The dispatch service provider can use the recipient’s data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass on the data to third parties.

If you no longer wish to receive the newsletter, you will find a corresponding button “unsubscribe” or “unsubscribe” (at the end of the newsletter) in every newsletter you receive, which you can use to cancel your subscription.

Of course, you can revoke your consent to the storage and processing of the data provided within the scope of the newsletter dispatch at any time with effect for the future via our contact provided.

2.6 Further contact forms / Contact by e-mail

If you contact us via the online form or by e-mail, we store the information you provide in order to be able to answer your enquiry and ask possible follow-up questions.

On our website you can also make a request for a room reservation “book our space” or apply for a membership in the Impact Hub Berlin “membership”.

We collect, process and use this data only to the extent necessary to process your order directly or to initiate or conclude a contract pursuant to Art. 6 Para. 1 lit. b GDPR. For the answering of all other inquiries, which do not aim at an initiation or a conclusion of a contract, the indicated personal data become on the legal basis of our entitled interests after art. 6 exp. 1 lit. f DSGVO to answer the inquiries duly. The customer data collected will be deleted after conclusion of the order or termination of the business relationship as well as the final answer to the enquiry. Legal retention periods remain unaffected.

We only transfer personal data to third parties if this is necessary within the framework of contract processing, for example to the credit institution commissioned with payment processing, is legally permissible or you have given your consent.

2.7 Career/job offers

You can apply to one of our companies electronically, in particular by e-mail at jobs@impacthub.berlin. Your details will only be used to process your application.

Please note that e-mails sent unencrypted are not transmitted with access protection.

For a qualified application, please submit your CV and without this information we will unfortunately not be able to process your application. In addition, you have the option of voluntarily providing additional information. The legal basis for the data processing of your application is the initiation of an employment relationship in accordance with Art. 6 Para. 1 b GDPR in conjunction with § 26 BDSG.

If you have applied for a specific position and this position has already been filled or we consider you to be suitable for another position as well or even better, we would like to forward your application within our group of companies. Please let us know if you agree to your application being forwarded.

Your personal data will be deleted within a maximum of 6 months after completion of the application process, unless you have expressly given us your consent for a longer storage of your data or a contract has been concluded.

Rights of data subjects

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection according to Art. 21 para. 1 GDPR).

If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).

Right of appeal to a supervisory authority

In the event of infringements of the GDPR, the persons concerned have the right to appeal to a supervisory authority, in particular in the Member State of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.

Right to data transferability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.

Information, blocking, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the text above for this and other questions on the subject of personal data.

Right to limitation of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given. The right to limit the processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination you have the right to demand the restriction of the processing of your personal data.
If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, such data may not be processed – apart from its storage – without your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Data processing within the scope of our business services

Contractual services

We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers according to Art. 6 Para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processing data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). We do not process any special categories of personal data, unless these are part of a commissioned or contractual processing. We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their indication, if this is not evident for the contracting parties. Disclosure to external persons or companies will only take place if it is necessary within the framework of a contract. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client and the legal requirements.

Within the scope of using our online services, we can store the IP address and the time of the respective user action. The storage takes place on the basis of our justified interests of the users in the protection from abuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims pursuant to Art. 6 Para. 1 lit. f. GDPR is necessary or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c. GDPR.

The data will be deleted when the data is no longer required for the fulfilment of contractual or statutory duties of care and for handling any warranty and comparable obligations, whereby the necessity of storing the data is reviewed every three years. In all other respects, the statutory storage obligations shall apply.

Data processing at trade fairs / handling business cards

If you provide us with your contact data at a trade fair, e.g. by providing us with your business card, we store this data in our CRM system. We use your data to contact you as requested, to establish a business relationship and to send you information material (Art. 6 para. 1 lit a, b and f GDPR). Your data will be deleted if you so wish or if the purpose of the processing no longer applies and storage is no longer necessary, provided there are no legal storage periods to the contrary.

Direct mail

We may use the e-mail address and postal address provided within the framework of the initiation and conclusion of a contractual relationship to inform you about similar product and service offers by e-mail and post from now on due to our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. If you do not wish to receive any further advertising information by e-mail or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic tariffs. You can address your objection to the following contact addresses. E-mail info@impacthub.berlin or mail to Impact Hub Berlin GmbH, Friedrichstrasse 246, 10969 Berlin.

Your data will be deleted if there is a legal obligation, the purpose of processing no longer applies and storage is no longer necessary or is objected to, unless there are legal storage periods to the contrary.

Cooperation with contract processors and third parties

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6 Para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Other service providers, partners and third parties

We may cooperate with other partners if it is necessary to fulfil our service offers or if we are legally obliged to disclose data. These may be the following partners or third parties:

– Credit institutions and payment service providers

– credit agencies

– Call center for support

– Passing on to public bodies or by court order

– advertising agencies

– logistics

– Consulting and consulting

– Marketing and Sales

We attach great importance to processing your data within the EU. However, it may happen that we use service providers who operate outside the EU. In these cases, we ensure that an appropriate level of data protection is established in accordance with Art. 44 -49 GDPR before your personal data is transferred. This means that EU standard agreements or an adequacy decision, such as the EU Privacy Shield, or other contractual and technical measures achieve a level of data protection that is comparable to the standards within the EU.

Origin of personal data

We process personal data that we receive within the scope of our business relationship. In addition, to the extent necessary for the provision of our services and for the fulfilment of the contract, we process personal data which we have received from other companies in our group of companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of consents given by you). In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. trade and association registers, press, media).

Categories of personal data

We process the following categories of personal data about you:

Personal data (name, address and other contact data, date of birth), possibly order data (e.g. delivery order), payment data, data from the fulfilment of our contractual obligations, advertising and sales data, documentation data (data from consultation and service discussions) as well as comparable data.

General notes

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Data storage

If necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and execution of a contract. For the duration of the existence of warranty and guarantee claims, the necessary personal data will be stored. In addition, we store personal data insofar as we are legally obliged to do so. Corresponding proof and storage obligations result from the commercial code and the tax code. The time limits for storage or documentation assigned there are six years in accordance with commercial law requirements in accordance with § 257 HGB and up to ten years due to tax requirements in accordance with § 147 AO. We delete personal data of the person concerned as soon as the purpose of storage no longer applies and statutory retention periods do not prevent deletion.

Legal or contractual provisions governing the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). For the conclusion of a contract it is necessary that you provide us with personal data. Without this data, we will generally have to refuse to conclude a contract or will no longer be able to execute an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. If you do not provide the data, we may not establish the desired business relationship. Before the data subject provides personal data, the data subject may contact our data protection officer. Our data protection officer informs the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the non-availability of the personal data would have.

Automated decision making

As a responsible organisation, we do not use exclusively automated decision-making within the meaning of Art. 22 GDPR, which has legal effect for you, to establish contractual relationships.

Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.

Liability for links

Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal infringements at the time of linking. Illegal contents were not recognisable at the time of linking. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements, we will remove such links immediately.

Changes to our data protection information

In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information has to be adjusted due to new or revised services, for example new services. The new data protection information will then take effect the next time you visit our website. This page should be called up regularly in order to obtain information on the current status of our data usage regulations. (Current status: June 2019)